Trustful Routing Protocol For Wireless Adhoc Network Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Abstract- An ad hoc network is the cooperative engagement of a collection of mobile nodes without the required intervention of any centralized access point or existing infrastructure. There is an increasing trend to adopt ad hoc networking for commercial uses; however, their main applications lie in military, tactical and other security-sensitive operations. In this thesis, we proposed a secure hybrid ad hoc routing protocol which aims at addressing limitations by combining the best properties of both proactive and reactive approaches. The proposed protocol is based on the concept zone routing protocol. It employs an integrated approach of digital signature and both the symmetric and asymmetric key encryption techniques to achieve the security goals like message integrity, data confidentiality and end to end authentication at IP layer. The thesis details the design of the proposed protocol and analyses its robustness in the presence of multiple possible security attacks that involves impersonation, modification, fabrication and replay of packets caused either by an external advisory or an internal compromised node within the network. The security and performance evaluation of the protocol through simulation indicates that the proposed scheme successfully defeats all the identified threats and achieves a good security at the cost of acceptable overhead.

Keywords- MANET, Key Management Approach, Secure Zone Routing Protocol.


A mobile ad hoc network (MANET) sometimes called a wireless ad hoc network or a mobile mesh network is a wireless network, comprised of mobile computing devices (nodes) that use wireless transmission for communication, without the aid of any established infrastructure or centralized administration such as a base station or an access point. Unlike traditional mobile wireless networks, mobile ad hoc networks do not rely on any central coordinator but communicate in a self organized way. Mobile nodes that are within each other's radio range communicate directly via wireless links, while those far apart rely on other nodes to relay messages as routers. In ad hoc network each node acts both as a host (which is capable of sending and receiving) and a router which forwards the data intended for some other node. Ad hoc wireless networks can be deployed quickly anywhere and anytime as they eliminate the complexity of infrastructure setup.

Applications of ad hoc network range from military operations and emergency disaster relief, to commercial uses such as community networking and interaction between attendees at a meeting or students during a lecture. Most of these applications demand a secure and reliable communication. Mobile wireless networks are generally more vulnerable to information and physical security threats than fixed wired networks. Vulnerability of channels and nodes, absence of infrastructure and dynamically changing topology, make ad hoc networks security a difficult task. Broadcast wireless channels allow message eavesdropping and injection (vulnerability of channels). Nodes do not reside in physically protected places, and hence can easily fall under the attackers' control (node vulnerability). The absence of infrastructure makes the classical security solutions based on certification authorities and on-line servers inapplicable. In addition to this, the security of routing protocols in the MANET dynamic environment is an additional challenge [1] and [3].

Most of the previous research on ad hoc networking has been done focusing only upon the efficiency of the network. There are quite a number of routing protocols proposed that are excellent in terms of efficiency. However, they were generally designed for a non-adversarial network setting, assuming a trusted environment; hence no security mechanism has been considered. But in a more realistic setting such as a battle field or a police rescue operation, in which, an adversary may attempt to disrupt the communication; a secure ad hoc routing protocol is highly desirable. The unique characteristics of ad hoc networks present a host of research areas related to security, such as, key management models, secure routing protocols, instruction detection systems and trust based models. This thesis work is based on the research done in the area of secure routing.

Secure routing in the field of mobile ad hoc networks is one of the most emerging areas of research. Designing a foolproof security protocol for ad hoc routing is a challenging task due to the unique network characteristics such as, lack of central authority, rapid node mobility, frequent topology changes, insecure operational environment, shared radio channel and limited availability of resources. A number of protocols have been proposed in the literature for secure routing [3] and [4].


In ad hoc network each node acts both as a host (which is capable of sending and receiving) and a router which forwards the data intended for some other node. Hence it is appropriate to call such networks as "multi-hop wireless ad hoc networks". Figure 1 shows an example of mobile adhoc network and its communication technology.

As shown in Figure 1, an ad hoc network might consist of several home-computing devices, including laptops, cellular phones, and so on. Each node will be able to communicate directly with any other node that resides within its transmission range. For communicating with nodes that reside beyond this range, the node needs to use intermediate nodes to relay the messages hop by hop.

Figure 1: A Typical Mobile Ad Hoc Network

Mobile ad hoc networks eliminate the constraint of infrastructure set up and enable devices to create and join networks on the fly, any where, any time and virtually for any application. However, these flexibilities and convenience do come at a price. Mobile ad hoc networks inherit the common problems of wireless networking in general, and add their own constraints specific to ad hoc routing [2].

Ad hoc On Demand Distance Vector (AODV) routing-The Ad Hoc On-Demand Distance Vector (AODV) routing protocol is based on the DSDV algorithm described in [7]. AODV is an improvement on DSDV because it typically minimizes the number of required broadcasts by creating routes on a demand basis, as opposed to maintaining a complete list of routes as in the DSDV algorithm. The authors of AODV classify it as a pure on-demand route acquisition system, since nodes that are not on a selected path do not maintain routing information or participate in routing table exchanges.

When a source node desires to send a message to some destination node and does not already have a valid route to that destination, it initiates a path discovery process to locate the other node. It broadcasts a route request (RREQ) packet to its neighbors, which then forward the request to their neighbors, and so on, until either the destination or an intermediate node with a "fresh enough" route to the destination is located. AODV utilizes destination sequence numbers to ensure all routes are loop-free and contain the most recent route information. Each node maintains its own sequence number, as well as a broadcast ID. The broadcast ID is incremented for every RREQ the node initiates, and together with the node's IP address, uniquely identifies an RREQ. Along with its own sequence number and the broadcast ID, the source node includes in the RREQ the most recent sequence number it has for the destination. Intermediate nodes can reply to the RREQ only if they have a route to the destination whose corresponding destination sequence number is greater than or equal to that contained in the RREQ.

During the process of forwarding the RREQ packets, intermediate nodes record in their route tables the address of the neighbor from which the first copy of the broadcast packet is received, thereby establishing a reverse path. If additional copies of the same RREQ are later received, these packets are discarded. Once the RREQ reaches the destination or an intermediate node with a fresh enough route, the destination or the intermediate node responds by unicasting a route reply (RREP) packet back to the neighbor from which it first received the RREQ. As the RREP packet is routed back along the reverse path, nodes along this path set up forward route entries in their route tables which point to the node from which the RREP packet came. These forward route entries indicate the active forward route. Associated with each route entry is a route timer which will cause the deletion of the entry if it is not used within the specified lifetime. Because the RREP packet is forwarded along the path established by the RREQ packet, AODV only supports the use of symmetric links in the network. Routes are maintained by AODV as follows. If a source node moves, it is able to reinitiate the route discovery protocol to find a new route to the destination. If a node along the route moves, its upstream neighbor notices the move and propagates a link failure notification message (an RREP packet with infinite metric) to each of its active upstream neighbors to inform them of the erasure of that part of the route. These nodes in turn propagate the link failure notification to their upstream neighbors, and so on until the source node is reached. The source node may then choose to reinitiate route discovery for that destination if a route is still desired [1] and [5].

Zone Routing Protocol (ZRP)

As explained earlier, either a purely proactive or purely reactive approach to implement a routing protocol for a MANET has their disadvantages. The Zone Routing Protocol (ZRP) as described in [16] aims at addressing these limitations by combining the best properties of both proactive and reactive approaches and hence it can be classed as a hybrid proactive/reactive routing protocol. In a MANET it can be safely assumed that most communication takes place between nodes close to each other. Therefore, ZRP reduces the proactive scope to a zone centered on each node and reactive approach outside the zone. When a node has a data packet for a particular destination, it checks whether the destination is within its zone or not. If it is within the zone, the packet is routed proactively. Reactive routing is used if the destination is outside the zone.

A zone (routing zone) of a node is nothing but the area of local neighbourhood of that node. The "size" of a zone is not determined by geographical measurement, as one might expect, but is given by a radius of length β where, β is the number of hops to the perimeter of the zone. Each node may be within multiple overlapping zones, and each zone may be of a different size. An example routing zone is shown in Figure 3, where the routing zone of S includes the nodes A-I, but not K. In the illustrations, the radius is marked as a circle around the node in question.

The nodes of a zone are divided into peripheral nodes and interior nodes. Peripheral nodes are nodes whose minimum distance to the central node is exactly equal to the zone radius β. The nodes whose minimum distance is less than β are interior nodes. In Figure 2, the nodes A-F are interior nodes, the nodes G-J are peripheral nodes and the node K is outside the routing zone. Note that node H can be reached by two paths, one with length 2 and one with length 3 hops. The node is however within the zone, since the shortest path is less than or equal to the zone radius.

Figure 2: Routing zone of node S with zone radius β =2

ZRP refers to the locally proactive routing component as the IntrA-zone Routing Protocol (IARP). The globally reactive routing component is named IntEr-zone Routing Protocol (IERP). IERP and IARP are not specific routing protocols. Instead, IARP is a family of limited-depth, proactive link-state routing protocols like OLSR. It periodically computes the route to all intrazone nodes (nodes that are within the routing zone of a node) and maintains this information in a data structure called IARP routing table. Correspondingly, IERP is a family of reactive routing protocols like DSR or AODV that offer enhanced route discovery and route maintenance services based on local connectivity monitored by IARP. Since IARP employees a proactive link state routing protocol for maintaining intrazone routing information, the first thing which becomes necessary for IARP is to know about the neighbours of a node. In order to learn about a node's direct neighbors and possible link failures, IARP relies on a Neighbor Discovery Protocol (NDP) provided by the MAC layer. NDP transmits "HELLO" beacons at regular intervals. Upon receiving a beacon, the neighbor table is updated. Neighbors, for which no beacon has been received within a specified time, are removed from the table.

For route discovery by IERP, the notion bordercasting is introduced. Bordercasting utilizes the topology information provided by IARP to direct query request to the border of the zone. The bordercast packet delivery service is provided by the Bordercast Resolution Protocol (BRP). BRP uses a map of an extended routing zone to construct bordercast trees for the query packets. BRP employs query control mechanisms, to direct route requests away from areas of the network that already have been covered [3] and [8].

Security Attacks on Ad Hoc Routing Protocols

The complexity and uniqueness of MANETs make them more vulnerable to security threats than their wired counterparts. Attacks on ad hoc wireless networks can be classified as passive and active attacks, depending on whether the normal operation of the network is disrupted or not.

 Passive attacks: A passive attack does not disrupt the normal operation of the network; the attacker snoops the data exchanged in the network without altering it. Here the requirement of confidentiality gets violated. Detection of passive attack is very difficult since the operation of the network itself doesn't get affected. One of the solutions to the problem is to use powerful encryption mechanism to encrypt the data being transmitted, thereby making it impossible for the attacker to get useful information from the data overheard.

 Active attacks: An active attack attempts to alter or destroy the data being exchanged in the network there by disrupting the normal functioning of the network. Active attacks can be internal or external. External attacks are carried out by nodes that do not belong to the network. Internal attacks are from compromised nodes that are part of the network. Since the attacker is already part of the network, internal attacks are more severe and hard to detect than external attacks. Active attacks, whether carried out by an external advisory or an internal compromised node involves actions such as impersonation (masquerading or spoofing), modification, fabrication and replication.

Both passive and active attacks can be made on any layer of the network protocol stack. This section however, focuses on network layer attacks only (routing attacks). Depending upon the various attacking behavior routing attacks can be classified into five categories: attacks using information disclosure, impersonation (masquerading or spoofing), modification, fabrication, and replay of packets. Among these information disclosure is a passive attack while the rest fall under the active category [2] and [9].

Security Mechanisms and Solutions

Having seen the various kinds of attacks possible on ad hoc routing, we now look at various techniques employed to overcome these attacks. There can be two types of security mechanisms: preventive and detective. Preventive mechanisms are typically based on message encryption techniques, while detective mechanisms include the application of digital signature and cryptographic hash functions.

Message Encryption

Encipherment or message encryption is the science and art of transforming a message into a disguised version which no unauthorized person can read, but which can be recovered in its original form by an intended recipient. In the parlance of cryptography, the original message is called plaintext and the secret version of the message is called ciphertext. The plaintext is converted into ciphertext by the process of encryption, that is, by the use of certain algorithms or functions. The reverse process is called decryption. The process of encryption and decryption are governed by keys, which are small amount of information used by the cryptographic algorithms. There are two types of encryption techniques: symmetric key and asymmetric key (or public key). Symmetric key cryptosystem uses the same key (the secret key) for encryption and decryption of a message, where as asymmetric key cryptosystems use one key (the public key) to encrypt a message and another key (the private key) to decrypt it. Public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used for decryption purpose. Even if attacker comprises a public key, it is virtually impossible to deduce the private key. Symmetric key algorithms are usually faster to execute electronically than the asymmetric key algorithms [6] and [7].

Key Management Approaches

Both digital signature and encryption mechanisms are key-based approaches. Key distribution and management is therefore at the center of these mechanisms. There are several methods given in that can be employed to perform this operation, all requiring varying amounts of initial configuration, communication and computation. We will however, focus on the method based on public key certificates, as we have used this approach in our proposed protocol.

According to this approach, the key management responsibility is shared among a set of trusted certification servers called the certification authorities (CAs). Each CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes after verifying their authenticity secretly. The trusted CA has to stay on-line to reflect the current bindings, because the bindings could change over time: a public key should be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key.

Requirements for a Secure Routing Protocol

We list here the fundamental requisites of a secure routing protocol for mobile ad hoc networks. They are: (1) Routing messages cannot be altered in transit, except according to the normal functionality; (2) Route signaling cannot be spoofed; (3) Fabricated routing messages cannot be injected into the network; (4) Routing loops cannot be formed through malicious action; (5) Routes cannot be redirected from the shortest path by malicious action; (6) Unauthorized nodes should be excluded from route computation and discovery; (7) The network topology must not be exposed by the routing messages either to adversaries or to authorized nodes.

Authenticated Routing for Ad Hoc Networks (ARAN)

Authenticated routing for ad hoc networks (ARAN) is an on-demand protocol designed to provide secure communications in managed open environments. Nodes in a managed-open environment exchange initialization parameters before the start of communication. Session keys are exchanged or distributed through a trusted third party like a certification authority. Each node in ARAN receives a certificate after securely authenticating its identity to a trusted certificate server T. Nodes use these certificates to authenticate themselves to other nodes during the exchange of routing messages. The certificate contains the node's IP address, its public key, as well as the time of issuing and expiration. These fields are concatenated and signed by the server T. A node A receives a certificate as: T → A: certA = [IPA, KA+, t, e] KT−

In the authentication phase, ARAN ensures the existence of a secure path to the destination. Each intermediate node in the network stores the route pair (previous node, the destination node). All the fields are concatenated and signed with source node I's private key. A combination of the nonce number (NI) and timestamp (t) is used to obtain data freshness and timeliness property. Each time I performs a route discovery, it monotonically increases the nonce. The signature prevents spoofing attacks that may alter the route or form loops. Source node I broadcasts a route discovery packet (RDP) for a destination D as: I → brdcst: [RDP, IPD, certI, NI, t] KI−.

Each node that receives the RDP for the first time removes any other intermediate node's signature, signs the RDP using its own key, and broadcasts it to all its neighboring nodes. This continues until destination node D eventually receives the packet. After receiving the RDP, the destination node D sends a reply (REP) packet back along the reverse path to the source node I. If J is the first node on the reverse path, REP packet is sent as: D → J: [REP, IPI, certD, NI, t] KD−

The source node I on receiving the REP packet, verifies the destination's signature KD− and the nonce NI. When there is no traffic on an existing route for some specific time, protocols are well suited for networks where the call-to-mobility ratio is relatively low, but as they have long route request delay, they are not ideal for an environment where this ratio is relatively high. Proactive routing protocols, on the other hand, are favorable for networks having high node mobility, however in a reverse environment they perform inefficiently, as, they use excess bandwidth in maintaining the routing information. Researchers advocate that the issue of efficient operation over a wide range of conditions can be addressed by a hybrid routing approach, where the proactive and the reactive behavior is mixed in the amounts that best match these operational conditions. In the next chapter we proposed such a hybrid secure routing protocol for ad hoc networks that will address the limitations of both proactive and reactive routing approaches [10] and [11].

Proposed Techniques

Our proposed solution, defined as Secure Zone Routing Protocol (SZRP), which aims towards addressing this issue. We have detailed the design of the proposed protocol and analyzed its robustness in diverse networking environment, in the presence of multiple possible security attacks.

Our Protocol

The Secure Zone Routing Protocol (SZRP) is based on the concept of Zone Routing Protocol (ZRP). It is a hybrid routing protocol that combines the best features of both proactive and reactive approaches and adds its own security mechanisms to perform secure routing. The reasons for selecting ZRP as the basis of our protocol are as follows:

(i) ZRP is based on the concept of routing zones, a restricted area, and it is more feasible to apply the security mechanisms within a restricted area than in a broader area that of the whole network, (ii) Since the concept of zones separate the communicating nodes in terms of interior (nodes within the zone) and exterior (nodes outside the zone) nodes, certain information like network topology and neighbourhood information etc. can be hidden to the exterior nodes, (iii) In case of a failure, it can be restricted to a zone.

Like ZRP the proposed protocol performs routing in terms of intrazone and interzone routing. It limits the proactive scope within a zone centered on each node and the reactive approach outside the zone. However, it differs from ZRP in security aspects. In ZRP where there is no security consideration, SZRP is designed to address all measure security concerns like end to end authentication, message/packet integrity and data confidentiality during both intra and inter-zone routing. For end to end authentication and message/packet integrity RSA digital signature mechanism is employed, where as data confidentiality is ensured by an integrated approach of both symmetric and asymmetric key encryption.

Packets are signed and/or encrypted (either using symmetric or asymmetric key approach) depending upon their type i.e. whether the packet is a control or a data packet. Most of the control packets are only signed. However, all the data packets and those control packets that contain any secret information like a session key between the source and destination node and are signed as well as encrypted. Since the control packets are small in size they are encrypted using the asymmetric key approach. As the data packets are generally long and symmetric key approach is faster than the asymmetric key encryption we encrypt all the data packets using the symmetric key approach. The secure zone routing protocol (SZRP) makes the use of public key certificates for key distribution and management. Such certificates are already deployed as part of one hop 802.11 networks; this is the case on the UMass campus, where an 802.11 VPN is deployed and certificates are carried by nodes. For the process of public key certification, SZRP assumes the presence of trusted certification servers called the certification authorities (CAs) in the network in addition to the communicating nodes which we call the common nodes (CNs). Each CN before taking part in communication need to be certified by some CA and are granted public keys. SZRP is a two phase protocol. The first phase is the preliminary certification process where each CN fetches their required keys from their nearest CA. The second phase is secure routing phase which uses these keys to perform secure intra-zone or inter-zone routing by applying the process of digital signature and message encryption.

Certification Process

The Secure Zone Routing Protocol (SZRP) requires the presence of trusted certification servers called the certification authorities (CAs) in the network. The CAs are assumed to be safe, whose public keys are known to all valid CNs. Keys are generated apriori and exchanged through an existing, perhaps out of band, relationship between CA and each CN. Before entering the ad hoc network, each node requests a certificate from it's nearest CA. Each node receives exactly one certificate after securely authenticating their identity to the CA. The idea is depicted in Figure 4 The methods for secure authentication to the certificate server are numerous and hence it is left to the developers;

Fig 3: Certification Process in SZRP

A common node X receives a certificate from its nearest CA as follows:

CA→ X: certX = [IPX, VKX, EKX, t, e] | signCA

Where, signCA = [IPX, VKX, EKX, t, e] SKCA

The certificate contains the IP address of X, the two public keys VKX and EKX of X, one for verifying the signature signed by X and other for encrypting a packet to be send to X, a timestamp 't' of when the certificate was created, and a time 'e' at which the certificate expires, all appended by the signature signCA of CA. All nodes must maintain fresh certificates with their nearest CA.

Design of Secure Zone Routing Protocol

This section describes in details the architectural design of the proposed protocol as a whole and its individual components in particular.

Design Assumptions

We have assumed the following things for the design and successful deployment of the proposed protocol.

The network links are assumed to be bidirectional.

The resources of different ad hoc network nodes may vary greatly, from nodes with very little computational resources, to resource rich nodes equivalent in functionality to high-performance workstations. To make our results as general as possible, we have designed SZRP to support nodes with moderate resources, such as a Palm Pilot or RIM pager.

The proposed protocol intends to provide security at IP layer. Hence, for a secure communication across the network protocol stack suitable techniques should be employed to secure MAC and physical layers.

The key management protocol (KMP) is responsible for public key certification process. It fetches the public keys for each CN by certifying them with the nearest CA. The secure intrazone routing protocol (SIARP) and secure interzone routing protocol (SIERP) uses these keys to perform secure intrazone and interzone routing respectively.

SIARP is a limited depth proactive link-state routing protocol with inbuilt security features. It periodically computes the route to all intrazone nodes (nodes that are within the routing zone of a node) and maintains this information in a data structure called SIARP routing table. This process is called proactive route computation. The route information to all intrazone nodes collected in proactive route computation phase is used by SIARP to perform secure intrazone routing. A detail discussion on secure intrazone routing and proactive route computation. SIERP is a family of reactive routing protocols with added security features like ARAN. It offers on demand secure route discovery and route maintenance services based on local connectivity information monitored by SIARP. The interzone routing and the route maintenance services offered by SIERP. In order to detect the neighbor nodes and possible link failures, SZRP relies on the neighborhood discovery protocol (NDP) [18] similar to that of ZRP. NDP does this by periodically transmitting a HELLO beckon (a small packet) to the neighbors at each node and updating the neighbor table [18] on receiving similar HELLO beckons from the neighbors. NDP gives the information about the neighbors to SIARP and also notifies SIARP when the neighbor table updates. We have assumed that NDP is implemented as a MAC layer protocol. A number of security mechanisms suggested for MAC layer can be employed to secure NDP.

To minimize the delay during interzone route discovery, SIERP uses bordercasting technique similar to ZRP, which is implemented here by the modified border resolution protocol (MBRP). MBRP is a modification of the bordercast technique adopted in ZRP. It not only forwards SIERP's secure route discovery packets to the peripheral nodes of the bordercasting node but also sets up a reverse path back to the neighbour by recording its IP address. MBRP uses the routing table of SIARP to guide these route queries. Since, all security measures are taken by SIERP during interzone routing; no additional security mechanism is adopted by MBRP during bordercasting.

The Secure Routing Algorithm-

SIARP, at each node, periodically computes the route to all intrazone nodes and maintains this information in SIARP routing table. For example in Figure 4, node A proactively computes the route to B, T, E, F and Y and stores this information in its SIARP routing table. This process, called proactive route computation.


Source / Destination

Other nodes

Fig 4: Intrazone and Interzone destinations of node A (zone radius β = 2)

When a node has a data packet for another node, it checks its SIARP routing table to determine whether the destination is within its zone or not. If the destination is within the zone, for example if node A has a packet destined for node Y, the packet is forwarded to the destination proactively using SIARP. On the other hand if the destination is outside the zone, for example if node A wants to transmit a packet to Z, then interzone routing is performed using SIERP For intrazone routing we consider A as the source and Y as the destination. The following steps are taken by SIARP (at node A) to route a data packet from A to Y.

Step 1: A looks for the route to Y in its SIARP routing table and finds it to be A-F-Y.

Step 2: A sends a SKREQ packet to Y along this route requesting a session key KAY between A and Y.

A→ Y: [SKREQ, IPY, certA] | signA

Where, signA = [SKREQ, IPY, certA] SKA

The SKREQ packet contains a packet type identifier "SKREQ", the IP address of the destination Y, and A's certificate, all appended by the signature signA of A signed using SKA.

Step 3: Y on receiving this request, verifies the signature using VKA, which it extracts from A's certificate, creates the session key KAY, encrypts it using EKA and sends it to A as SKREP packet along the reverse route Y-F-A.

Y→ A: [SKREP, IPA, certY, {KAY}EKA] | signY

Where, signY = [SKREP, IPA, certY, {KAY}EKA] SKY.

The packet contains a packet type identifier "SKREP", the IP address of A, the certificate of Y and the session key encrypted using EKA, all appended by the signature signY of Y signed using SKY.

Step 4: A on receiving the SKREP packet, verifies the packet using VKY, conforms its authenticity, decrypts it using DKA and extracts the session key KAY. Once A gets the session key KAY, it can encrypt the data packet using KAY and send it to Y along the same route A-F-Y.

All further communication between A and Y takes place similarly, using this session key. The following steps are taken by SIERP to route the data packet from A to Z:

Step 1: SIERP at A begins the secure route discovery process to Z by bordercasting to its peripheral nodes T, E and Y, a SRD packet with the help of MBRP.

A→ bordercast : [SRD, IPZ, certA, β, NA, t] | signA

where, signA = [SRD, IPZ, certA, β, NA, t] SKA

The packet contains a packet type identifier "SRD", the IP address of the destination Z, A's certificate, the zone radius 'β', a nonce NA created by A and the current time t, all appended by the signature signA of A. The nonce NA is monotonically increased every time A performs route discovery. NA and t together with the IP address of A (IPA) uniquely identify the SRD which prevents the replay attack. NA is made large enough such that, it will not need to be recycled within the probable clock skew between receivers. If a nonce later reappears in a valid packet that has a later timestamp, the nonce is assumed to have wrapped around, and is therefore accepted. Note that a hop count is not included with the message.

Step 2: When a peripheral node of A (T, E or Y), receives the SRD, it checks the (IPA, NA, t) tuple to verify that it has not already processed this SRD. Nodes do process packets for which they have already seen this tuple. The receiving node uses A's public key, which it extracts from A's certificate, to validate the signature and verify that A's certificate has not expired. If the packet is found to be authentic, it sets up a reverse path back to the source A by recording the neighbor from which it received the SRD, for example when the peripheral node T receives the SRD it sets up a reverse path back to A by recording the neighbor B from which it received the SRD (B sets up a reverse path to A during bordercasting. Now, T sets up the reverse path to B. So a reverse path from T to A is set).

The peripheral node then signs the contents of the message originally bordercast by A and appends this signature and its own certificate to the SRD. It checks in its SIARP routing table whether it has a valid path to the destination Z. If it has (Z is within the zone of the node), it forwards the SRD directly to Z along this route, otherwise it rebordercasts the packet to its peripheral nodes. In the present case since none of the peripheral nodes T, E and Y has the route to Z (Z is not within the zone of T, E or Y), all rebordercasts the SRD to their peripheral nodes, for example, T rebordercasts the SRD to K.

T→bordercast: [[SRD, IPZ, certA, β, NA, t] | signA ] | signT, certT

Where, signT =[[SRD, IPZ, certA, β, NA, t] | signA]]SKT.

Step 3: Upon receiving the SRD, T's peripheral node K checks the (IPA, NA, t) tuple, validates T's signature and sets up the reverse path to T (if the signature is authentic). K then removes T's certificate and signature, signs the contents of the message originally bordercast by A and appends this sign along with its own certificate to the SRD. It checks in its SIARP routing table whether it has a valid path to Z. Since it doesn't, it again rebordercasts the packet to its peripheral nodes I and D.

K→bordercast: [[SRD, IPZ, certA, β, NA, t] | signA ] | signK, certK

Where, signK =[[SRD, IPZ, certA, β, NA, t] | signA]]SKK.

Each node along the path repeats these steps of validating the previous node's signature, recording the previous node's IP address for setting up the reverse path, removing the previous node's certificate and signature, signing the original contents of the message, appending its own certificate and rebordercasting the message, until the SRD reaches a node, that has a valid route to the destination Z (Z is within the zone of the node). In this case the node instead of rebordercasting the SRD, directly forwards it to Z. For example, when the SDR reaches J, it validates the packet, sets up the reverse path to the bordercasting node D, removes D's certificate and signature, signs the contents of the message originally bordercast by A, appends this signature and its certificate and forwards the SRD to Z.

J→Z : [[SRD, IPZ, certA, β, NA, t] | signA ] | signJ, certJ

Where, signH =[[SRD, IPZ, certA, β, NA, t] | signA]]SKJ.

Step 4: Finally, the SRD arrives at destination Z, which replies to the first SRD that it receives for a source and a given nonce. There is no guarantee that the first SRD received traveled along the shortest path from the source. A SRD that travels along the shortest path may be prevented from reaching the destination first if it encounters congestion or network delay, either legitimately or maliciously manifested. In this case, however, a non-congested, non-shortest path is likely to be preferred to a congested shortest path because of the reduction in delay. Because SRDs do not contain a hop count or specific recorded source route, and because messages are signed at each hop, malicious nodes have no opportunity to redirect traffic. Z on getting this SRD packet verifies it using both VKJ and VKA, confirms its authenticity and extracts EKA. Z creates a secure route reply (SRR) packet and unicasts it back to the source along the reverse path. The first node that receivesthe SRR sent by Z is H.

Z→H : [SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ

Where, signZ = [SRR, IPA, certZ, NA, t, {KAZ}EKA]SKZ.

The SRR includes a packet type identifier "SRR", the IP address of A, the certificate of Z, the nonce NA, the associated time stamp t sent by A and a session key KAZ between A and Z encrypted with EKA, all appended by the signature signZ of Z. Nodes that receive the SRR forward the packet back to the predecessor from which they received the original SRD. Each node along the reverse path back to the source signs the SRR and appends its own certificate before forwarding the SRR to the next hop. Since, J is the next hop node to the source A after H:

H→J : [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] | signH, certH

Where, signH = [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] SKH

J on getting the SRR validates H's signature on it, removes H's signature and certificate, signs the contents of the message and appends this signature and its own certificate before unicasting the SRR to its neighbour L.

.J→L : [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] | signJ, certJ

Where, signJ = [[SRR, IPA, certZ, NA, t, {KAZ}EKA] | signZ] SKJ

Each node checks the nonce and signature of the previous hop as the SRR is returned to the source. This avoids attacks involving impersonation and replay of the message. Eventually the source A receives the SRR.

Step 5: On getting the SRR, A verifies Z's signature and the nonce returned by Z to conform its authenticity. It then extracts the session key KAZ. A now encrypt the data packet using KAZ and send it to Z along the same route.


Figure 5 shows the observed results for average packet delivery fraction for both the 10 and 20 node networks. As shown in the figure, the packet delivery fraction obtained using SZRP is above 96% in all scenarios and almost identical to that obtained using ZRP. This suggests that SZRP is highly effective in discovering and maintaining routes for delivery of data packets, even with relatively high node mobility.

Fig 5: Simulation Results - Average Packet Delivery Fraction

Figure 6 illustrates the results of the experiments. As shown in the figure, when using SZRP, a much larger fraction of packets that passed through malicious nodes were dropped, as compared to that of ZRP. For instance, in the presence of 30% malicious nodes with no node mobility, only 26% of packets that pass through malicious nodes were dropped when using ZRP, as compared to almost 47% when using SZRP.

Fig 6: Simulation Results - Percentage of Packets Dropped that passes through Malicious Nodes.

These results show that about 50% of packets that were possibly altered by malicious nodes in the network remained undetected and could potentially make their way through authentic nodes when using ZRP, as compared to the proposed protocol. This is a significant increase in the degree of security level.

Conclusion and Future Work

In this thesis, we have considered the routing approaches in mobile ad hoc networks from the security viewpoint. We have analyzed the threats against ad hoc routing protocols and presented the requirements that need to be addressed for secure routing. Existing secure routing protocols for mobile ad hoc networks are either proactive or reactive in nature; hence are limited in their approach in terms of providing security across diverse networking applications. We explored the advantages of hybrid routing in dealing with these limitations, where the proactive and the reactive behavior is mixed in the amounts that best match these operational conditions. We have presented the design and analysis of a new secure routing protocol for mobile ad hoc networks, called the Secure Zone Routing Protocol (SZRP). The proposed protocol is hybrid in nature and based on the concept of zone routing protocol (ZRP). It provides a solution for secure routing in an open and managed-open environment. In designing SZRP, we carefully fit the inexpensive cryptographic primitives to each part of the protocol functionality to create an efficient protocol that is robust against multiple attacks in the network. The proposed protocol gives a better solution towards achieving the security goals like message integrity, data confidentiality and message authentication, by taking an integrated approach of digital signature and both the symmetric and asymmetric key encryption techniques.

The proposed protocol presented in this thesis considers that, the certification authorities (CAs) are safe within the network and are free from any kind of attacks caused either by external advisory or internal compromised nodes. A possible extension of the work may include employing additional feature to SZRP so that it can handle a scenario where the trusted certification authorities are compromised or attacked.